acl9 and devise don't seem to work well together

Question

I have a user model which is access controlled by ACL9 in userscontroller:

ACL9 related stuff

before_filter :load_user, :only => [:show] access_control do allow :owner, :of => :user, :to => [:show] end def load_user user = User.find(params[:id]) end

in ApplicaitonController I have a rescue_from 'Acl9::AccessDenied', :with => :access_denied

def access_denied authenticate_user! # a method from Devise end

it is no problem to type in url for sign in page http://localhost:3000/users/sign_in

but it is a problem when for example I type in the user page first, which I am to expect to be redirected to sign in page automatically thru the logic above http://localhost:3000/users/1 #=> infinite redirect hell. it tries to redirect back to users/1 again(!?) instead of directing to users/sign_in

Does anyone have an opinion as to what might be going wrong?

Thanks!

Answer 1

I think you should not use Acl9 in Devise user controller. Since you are not authenticated you have no rights and you will not authenticate :D. You may want to forbid users to delete, so it should be like:

access_control :only => [:destroy] do
      allow :admin
end

For UsersController you should overwrite your access_control if you want to leave it as is in application controller.